[flashrom] MSI H55-GD65 (MS-7637) (H55, locked ME region, FLOCKDN=0(!))

Donovan Lavinder drmario2007 at gmail.com
Sun Aug 21 03:40:55 CEST 2011


You guys can also use the flashrom utility to write the firmware if
the utility you are using is being stubborn (happens to me too), and if you
want the best chance, you will want to have a backup BIOS chip with the same
copy of the original firmware (my motherboard has two firmware flash chips -
something to be truly thankful for!), and I would recommend using the Linux
Live CD mentioned on the flashrom download page, as FreeDOS has managed to
brick all of the firmware images I have been trying to flash. Fed up, I went
to get the live CD, and it works now. I used the SystemRescueCd distro (you
need to figure out how to mount the hard drive or jump drive so that flashrom
can download the firmware ROM - for example: mount /dev/sda1 /mnt/disk0 ), so
far, this distro is quite nice to have!

Also, some firmware contains a special key which prompts the southbridge
to ignore firmware flashers other than the regular utility recommended by
the manufacturer of the motherboard you own. I own a Gigabyte GA-MA78GM-S2HP,
and the firmware has 4-byte keys (they have long since been obliterated, but
at least it boots up fine.) You can reverse engineer it if you want to. Try
starting at the boot header, which is where the keys are likely to be.
However, your mileage will still vary. A hex editor is also good if you guys
know how to read hex codes (Good ol' PIC days!)

Have a happy coding day! (P.S. Thanks all for such a wonderful firmware,
Coreboot!)

On Sat, Aug 20, 2011 at 7:09 PM, Stefan Tauner <
stefan.tauner at student.tuwien.ac.at> wrote:

> On Sat, 20 Aug 2011 23:03:16 +0100 (BST)
> Luzipher McLeod <luziphermcleod at yahoo.ie> wrote:
>
> > Thanks for your mails! Good to know that there is something going on
> > (even though you indicate that it'll take quite some time). If I can do
> > anything to help, just let me know.
>
> if you are good at REing you could help a lot (because i am a n00b
> regarding x86 asm, and therefore quite unmotivated to stare at
> disassembly - especially when i see how fluently others are able to
> read this :).
>
> > That said, it really seems to be a messed up situation. As far as I
> > understood, there are several "units" involved in accessing the flash (or at
> > least granting rights to access the flash).
>
> yes. the firmware for the ME, the GbE controller and the host
> (=BIOS/EFI) are on the same flash chip and all of them can access it
> via the southbridge. they do also write to it (the ME logs some stuff
> at least). access restrictions are enforced by the southbridge which
> acts as a gatekeeper.
>
> > Am I right that the major missing thing is support for the embedded
> > controller (ME)?
>
> exactly. usually that is the only real problem. the flash descriptor
> region is most often read-only, but that's not really an issue (it does
> not need to be updated normally). i *think* i know how the ME can be
> told to give us access superficially (using HECI/MEI), but i don't know
> the exact details. i have a patch already that implements MEI
> communication in flashrom... the question is just what to send (and
> what to expect to receive :)
>
> > I also do have a flashing utility that works from DOS if that'd be any
> > help (reverse engineering)?
>
> there are various of those and RE is the way to go probably (because
> intel won't tell us probably). having access to the binary is not the
> problem though.
>
> >
> > PS: We can also write in German; I wrote this in English because you
> > mentioned that the whole thing might also serve as documentation for any
> > lunatics who follow in our footsteps :-)
>
> if it is not too hard for you, english is the way to go because it is
> the least common denominator of those involved.
>
> i think i should write up what i know about unlocking the ME.
> probably a wiki page would be best...
>
> --
> Kind regards/Mit freundlichen Grüßen, Stefan Tauner



-- 
"Mamma-mia, there's Koopa troopa in Mushroom Kingdom!"

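The region layout and the southbridge-enforced access restrictions discussed in the quoted reply are recorded in the flash descriptor at the start of the chip. As an added example (not from either poster and not flashrom's code), the following decodes them from a dump, assuming the Intel ICH8-and-later / 5-series descriptor layout (signature at 0x10, then FLMAP0/FLMAP1, FLREGn, FLMSTRn); the sample image and all its values are constructed.

```python
import struct

# Assumed layout: Intel ICH8+/5-series flash descriptor (chip in descriptor mode).
FLVALSIG = 0x0FF0A55A
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]
MASTERS = ["Host CPU/BIOS", "ME", "GbE"]

def parse_descriptor(image: bytes) -> dict:
    """Decode region ranges and per-master access from a flash dump."""
    if len(image) < 0x1000:
        raise ValueError("image smaller than one 4 KiB descriptor")
    sig, flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FLVALSIG:
        raise ValueError("no descriptor signature: chip is not in descriptor mode")
    frba = ((flmap0 >> 16) & 0xFF) << 4   # region section base
    fmba = (flmap1 & 0xFF) << 4           # master section base
    regions = {}
    for i, name in enumerate(REGIONS):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        regions[name] = (base, limit) if base <= limit else None  # None = unused
    access = {}
    for m, master in enumerate(MASTERS):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * m)
        access[master] = {
            name: ("r" if flmstr >> (16 + i) & 1 else "-")
                  + ("w" if flmstr >> (24 + i) & 1 else "-")
            for i, name in enumerate(REGIONS)
        }
    return {"regions": regions, "access": access}

def build_sample() -> bytes:
    """Constructed descriptor for a 4 MiB chip: descriptor, ME, BIOS; no GbE/PD."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", img, 0x10, FLVALSIG, 0x04 << 16, 0x06)  # FRBA=0x40, FMBA=0x60
    flregs = [0x00000000, 0x03FF0200, 0x01FF0001, 0x00001FFF, 0x00001FFF]
    struct.pack_into("<5I", img, 0x40, *flregs)
    # host: read descriptor+BIOS, write BIOS only; ME: r/w its own region; GbE: none
    struct.pack_into("<3I", img, 0x60, 0x02030000, 0x04040000, 0x00000000)
    return bytes(img)

if __name__ == "__main__":
    info = parse_descriptor(build_sample())
    for name, rng in info["regions"].items():
        span = "unused" if rng is None else f"{rng[0]:#08x}-{rng[1]:#08x}"
        print(f"{name:14} {span:22} host={info['access']['Host CPU/BIOS'][name]}")
```

On a real board, pass the bytes of a full-chip read instead of `build_sample()`; a host entry of `--` for the ME region and `r-` for the descriptor corresponds to the locked state described in this thread.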
